<?php
/**
 * Created by PhpStorm.
 * User: suruixiang
 * Date: 2017/9/29
 * Time: 下午7:05
 */
//过滤尖括号后数据
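/**
 * Keep only the text that precedes the first "<" and trim surrounding whitespace.
 *
 * This is a coarse input filter, not an output encoder: values that are later
 * written into HTML still need context-appropriate escaping at the point of output.
 *
 * @param string $string Raw input.
 * @return string Text before the first "<", trimmed; the whole trimmed input when no "<" is present.
 */
function filterString($string)
{
    $string = (string) $string;
    // The earlier pattern '/\<.*$/' had no "s" modifier, so "." stopped at a line
    // break and a "<" followed by a newline was left in place. Cutting at the
    // first "<" with plain string functions handles multi-line input and has no
    // PCRE failure mode.
    $cut = strpos($string, '<');
    $kept = ($cut === false) ? $string : substr($string, 0, $cut);
    return trim($kept);
}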
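/**
 * Flatten a (possibly nested) request value into one string for pattern matching.
 *
 * Non-array input is returned unchanged. For an array, every leaf value is
 * emitted followed by the concatenation of all keys visited so far in the
 * traversal, and the pieces are joined without a separator.
 *
 * @param mixed $arr Request value: scalar or nested array.
 * @return mixed The input itself when it is not an array, otherwise the flattened string.
 */
function webscan_arr_foreach($arr)
{
    if (!is_array($arr)) {
        return $arr;
    }
    // Accumulators are local to this call. The previous version kept them in
    // function-level statics, so every call also returned the data of all
    // earlier calls: unrelated parameters were mixed together, patterns anchored
    // at the start of the subject no longer saw the current value first, and an
    // empty array passed null to implode().
    $pieces = array();
    $keyTrail = '';
    $walk = function (array $node) use (&$walk, &$pieces, &$keyTrail) {
        foreach ($node as $key => $val) {
            $keyTrail .= $key;
            if (is_array($val)) {
                $walk($val);
            } else {
                $pieces[] = $val . $keyTrail;
            }
        }
    };
    $walk($arr);
    return implode('', $pieces);
}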
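/**
 * Check one request parameter (name and value) against a filter pattern.
 *
 * @param string       $StrFiltKey   Parameter name.
 * @param string|array $StrFiltValue Parameter value; passed through webscan_arr_foreach() first.
 * @param string       $ArrFiltReq   PCRE pattern body without delimiters; wrapped as "/.../is" here.
 * @return bool true when neither the value nor the name matches, false otherwise.
 */
function webscan_StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    $pattern = "/".$ArrFiltReq."/is";
    $StrFiltValue = webscan_arr_foreach($StrFiltValue);
    foreach (array($StrFiltValue, $StrFiltKey) as $subject) {
        // preg_match() returns 0 only for a clean "no match"; 1 is a hit and
        // false means PCRE itself failed. The earlier "== 1" test treated a
        // failed match as clean input, so the filter failed open. Anything
        // other than 0 is now rejected.
        if (preg_match($pattern, $subject) !== 0) {
            return false;
        }
    }
    return true;
}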
//检测是否含有危险字符
/**
 * Screen the current request against three deny-list patterns.
 *
 * $_GET, $_POST, $_COOKIE and the Referer header (when present) are each passed,
 * entry by entry, to webscan_StopAttack().
 *
 * NOTE(review): a pattern deny-list is a supplementary layer only; parameterised
 * queries and context-aware output encoding are still needed where the data is used.
 *
 * @return bool false as soon as one entry is rejected, true when every entry passes.
 */
function checkRiskString()
{
    // Pattern applied to query-string parameters.
    $getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    // Pattern applied to form fields; also reused for the Referer header below.
    $postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    // Pattern applied to cookies.
    $cookiefilter = "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*(\(.+\)\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\\(.+\\)|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\\(.+\\)|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    // Wrap the Referer header in a one-entry array so it can be looped like the superglobals; empty when the header is absent.
    $webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);

    // Each loop stops the whole check at the first rejected entry.
    foreach ($_GET as $key=>$value) {
        if (!webscan_StopAttack($key, $value, $getfilter))
            return false;
    }
    foreach ($_POST as $key=>$value) {
        if (!webscan_StopAttack($key, $value, $postfilter))
            return false;
    }
    foreach ($_COOKIE as $key=>$value) {
        if (!webscan_StopAttack($key, $value, $cookiefilter))
            return false;
    }
    // The Referer is checked with the POST pattern, not a dedicated one.
    foreach ($webscan_referer as $key=>$value) {
        if (!webscan_StopAttack($key, $value, $postfilter))
            return false;
    }
    return true;
}
//输出调试
/**
 * Debug helper: dump a value inside a <pre> element and stop the script.
 *
 * NOTE(review): the dump is written without HTML escaping, so this helper
 * should not stay reachable on production paths that handle request data.
 *
 * @param mixed $data Value to dump.
 */
function P($data){
    // print_r() in return mode yields the same text it would otherwise print.
    echo "<pre>", print_r($data, true);
    exit;
}
//获取客户端真实IP
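/**
 * Best-effort client address for the current request.
 *
 * Lookup order is unchanged: X-Forwarded-For, then Client-IP, then REMOTE_ADDR.
 * Both headers are supplied by the client unless a trusted proxy overwrites
 * them, so the result is suitable for display and logging only; access control,
 * rate limiting and audit decisions should rely on REMOTE_ADDR or on a proxy
 * configuration that is known to sanitise these headers.
 *
 * Header values are now accepted only when they are syntactically valid IP
 * addresses; previously the raw header text was returned, whatever it contained.
 *
 * @return string A valid IP taken from a forwarding header, otherwise REMOTE_ADDR, otherwise ''.
 */
function getIPaddress(){
    // Same source selection as before: $_SERVER when it exists, getenv() otherwise.
    $read = function ($name) {
        if (isset($_SERVER)) {
            return isset($_SERVER[$name]) ? $_SERVER[$name] : false;
        }
        return getenv($name);
    };

    foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP') as $header) {
        $raw = $read($header);
        if (!is_string($raw) || $raw === '') {
            continue;
        }
        // X-Forwarded-For may carry a comma-separated chain; only the first entry is considered.
        $parts = explode(',', $raw);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    // REMOTE_ADDR is set by the web server and is returned as-is.
    $remote = $read('REMOTE_ADDR');
    return is_string($remote) ? $remote : '';
}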
/**
 * Request a URL with cURL and decode the response body as JSON.
 *
 * NOTE(review): CURLOPT_POSTFIELDS is always set, which makes libcurl send a
 * POST request despite the function name; confirm that this is intended.
 * NOTE(review): $url is used as given; callers that build it from request data
 * should restrict it to an allow-list of hosts.
 *
 * @param string       $url    Target URL.
 * @param string|array $params Value handed to CURLOPT_POSTFIELDS.
 * @return mixed Result of json_decode() in associative mode; null when the body is not valid JSON.
 */
function curlGet($url, $params='')
{
    $handle = curl_init();
    // Options are applied one by one in the original order.
    $options = array(
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_URL            => $url,
        CURLOPT_POSTFIELDS     => $params,
        CURLOPT_TIMEOUT        => 3,
    );
    foreach ($options as $option => $setting) {
        curl_setopt($handle, $option, $setting);
    }
    $body = curl_exec($handle);
    curl_close($handle);
    return json_decode($body, true);
}
//生成随机字符串
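/**
 * Build a random string from one of three fixed alphabets.
 *
 * @param int $length Number of characters to produce; values <= 0 give ''.
 * @param int $type   1 = digits, 2 = lowercase letters, 3 = lowercase letters and digits.
 * @return string
 * @throws InvalidArgumentException When $type is not 1, 2 or 3.
 */
function createString($length = 5, $type = 1)
{
    // switch compares loosely, matching the "==" tests used before.
    switch ($type) {
        case 1:
            $alphabet = '1234567890';
            break;
        case 2:
            $alphabet = 'qwertyuiopasdfghjklzxcvbnm';
            break;
        case 3:
            $alphabet = 'qwertyuiopasdfghjklzxcvbnm1234567890';
            break;
        default:
            // An unknown type used to leave the alphabet undefined and quietly
            // produce an empty "random" string.
            throw new InvalidArgumentException('createString: unsupported $type');
    }

    $last = strlen($alphabet) - 1;
    // rand() is predictable and unsuitable for codes or tokens. random_int()
    // draws from the system CSPRNG; it needs PHP 7, so older runtimes fall back
    // to mt_rand(), which is NOT suitable for security-sensitive values.
    $useCsprng = function_exists('random_int');

    $string = '';
    for ($i = 0; $i < $length; $i++) {
        $index = $useCsprng ? random_int(0, $last) : mt_rand(0, $last);
        $string .= $alphabet[$index];
    }
    return $string;
}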